<?php
/**
 * FlickrPhotosetsAuth class file
 * @package FlickrPhotosets
 */

/**
 * This class authenticates users with Flickr.
 * 
 * @package FlickrPhotosets
 * @author Brad Dougherty <bdougherty@gmail.com>
 * @version 7.10.15
 * @license http://www.gnu.org/licenses/gpl.html GNU General Public License 3.0
 * @since Class available since Release 2.0
 */
class FlickrPhotosetsAuth extends FlickrPhotosets {
	
	/**
	 * This constructor handles the communication between Flickr and the
	 * app when authenticating. When removing the authentication, it will
	 * prompt the user to revoke permissions from Flickr.
	 * 
	 * @author Brad Dougherty <bdougherty@gmail.com>
	 */
	public function __construct() {
		
		// Remove the authorization
		if ($_GET['remove']) {
			
			/*
			Run the parent constructor to create the Facebook object
			and connect to the database
			*/
			parent::__construct();
			
			// Get the user that is logged in
			$this->uid = $this->facebook->require_login();
			
			// Get the user's configuration so we can send them to remove Flickr permission
			$this->get_info();
			
			// Remove their Flickr authorization
			$this->remove_auth();
			
			// Display Flickr revoke permissions page
			$token = $this->config['flickr_token'];
			$strpos = strpos($token, '-');
			$token = substr($token, 0, $strpos);
			
			/*
			Create a canvas page with an iframe.
			This will allow the user to remove the Flickr authorization if they want.
			
			This code block below really should be somewhere else, but it's staying here for now...
			*/
			echo '<fb:header decoration="add_border">Revoke Permissions</fb:header>';
			echo '<div style="padding:15px 45px 15px;"><h3>If you wish, you may revoke the permissions for '.$this->app_name.' on Flickr.</h3><p>It is recommended that you revoke the permissions if you are going to remove '.$this->app_name.'. When you are finished, click the Continue link below. If you do not wish to revoke the permissions, you can just click Continue.</p></div>';
			echo '<fb:iframe src="http://www.flickr.com/services/auth/revoke.gne?token='.$token.'" style="border-left:0;border-right:0;border-top:1px solid #d8dfea;border-bottom:1px solid #d8dfea;width:100%;height:325px;" scrolling="no" />';
			echo '<div style="padding:20px 45px;text-align:right;"><h3><a href="'.$this->app_url.'/configure.php">Continue</a></h3></div>';
			
		}
		// Authorize an account
		else {
			
			/*
			This is a little complicated because for some reason,
			if this is all done in a canvas page there are too
			many redirects and Facebook doesn't like it.

			So the solution is to have the first page NOT a canvas
			page, that is the one that redirects to Flickr. Flickr
			will then bounce us back to a canvas page so we can
			make sure that the user is who they say they are.

			There is no need to see if authentication has already
			taken place. It will just regenerate the same token.
			*/

			// Create the Flickr object
			$this->flickr = new phpFlickr(FLICKR_API_KEY, FLICKR_API_SECRET);

			// We can tell if we're coming from Flickr if there is a frob
			if (empty($_GET['frob'])) {

				// Since we don't have a frob, redirect to Flickr to get one
				$this->flickr->auth('read', false);

			}
			else {

				// Now we will run the parent constructor
				parent::__construct();

				// Make sure this is a canvas page (should never be a problem)
				$this->facebook->require_frame();

				// We will get the user that is logged in (hopefully it's the right person!)
				$this->uid = $this->facebook->require_login();

				// Now we have the frob and can generate the token and store it
				$this->store_token($this->flickr->auth_getToken($_GET['frob']));
				
				// Set the profile FBML
				$this->set_profile_fbml();

				// Redirect to the configuration page
				$this->facebook->redirect($this->app_url.'/configure.php');

			}
			
		}
		
	}
	
	/**
	 * Checks the token in the supplied Flickr object to see if it is valid.
	 * 
	 * @author Brad Dougherty <bdougherty@gmail.com>
	 * @param phpFlickr $flickr The Flickr object to check with
	 * @return boolean True if the token is valid
	 */
	static public function check_token($flickr) {
		$check = $flickr->auth_checkToken();
		return ($check['perms'] == 'none') ? false : true;
	}
	
	/**
	 * Removes the user's Flickr information from the database.
	 * 
	 * @author Brad Dougherty <bdougherty@gmail.com>
	 * @return boolean True if successfully removed
	 */
	private function remove_auth() {
		return $this->db->remove_flickr_auth($this->uid);
	}
	
	/**
	 * Stores the user's Flickr token and NSID in the database.
	 * 
	 * @author Brad Dougherty <bdougherty@gmail.com>
	 * @param array $return The array returned from calling the flickr->auth_getToken() function
	 * @return boolean True if successfully added
	 */
	private function store_token($return) {
		return $this->db->store_token($this->uid, $return['user']['nsid'], $return['token']);
	}
	
}

?>